Add op-batcher-tee image in CI (#210)

* push op-batcher-tee image init

* fix tag and push

* test image creation without enclaver

* try to use env

* fix enclaver download

* use env in docker images yml

* restore other task

* remove unneeded steps

Author: dailinsubjam

.github/workflows/docker-images.yml

@@ -394,3 +394,100 @@ jobs:
             TARGET_BASE_IMAGE=alpine:3.22
             TARGETOS=linux
             TARGETARCH=amd64
+
+  build-op-batcher-tee:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    env:
+      ENCLAVE_APP_IMAGE: op-batcher-enclave:app
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Install Rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: nightly
+
+      - name: Install dasel
+        run: |
+          curl -sSL "https://github.com/TomWright/dasel/releases/latest/download/dasel_linux_amd64" -o /tmp/dasel
+          sudo mv /tmp/dasel /usr/local/bin/dasel
+          sudo chmod +x /usr/local/bin/dasel
+          dasel --version
+
+      - name: Check for package.json
+        id: check-package
+        run: |
+          if [ -f "package.json" ]; then
+            echo "has-package=true" >> $GITHUB_OUTPUT
+          else
+            echo "has-package=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Setup Node.js
+        if: steps.check-package.outputs.has-package == 'true'
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Run Enclaver installation
+        run: |
+          echo "Downloading and installing Enclaver..."
+          ARCH=$(uname -m)
+          LATEST_RELEASE=$(curl -s https://api.github.com/repositories/516492075/releases/latest)
+          DOWNLOAD_URL=$(echo "$LATEST_RELEASE" | jq -r ".assets[] | select(.name | test(\"^enclaver-linux-$ARCH.*tar.gz$\")) | .browser_download_url")
+          if [ -z "$DOWNLOAD_URL" ]; then
+            echo "Could not find Enclaver download URL"
+            exit 1
+          fi
+          curl -L "$DOWNLOAD_URL" -o enclaver.tar.gz
+          tar xzf enclaver.tar.gz
+          sudo install enclaver-*/enclaver /usr/local/bin/
+          rm -rf enclaver.tar.gz enclaver-*
+          enclaver --version
+
+      - name: Install dependencies
+        if: steps.check-package.outputs.has-package == 'true'
+        run: npm ci
+
+      - name: Build op-batcher enclave image
+        run: |
+          cd espresso
+          ./scripts/batcher-enclave-image.sh
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_PREFIX }}/op-batcher-tee
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha,prefix={{branch}}-,enable={{is_default_branch}}
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=pr-${{ github.event.number }},enable=${{ github.event_name == 'pull_request' }}
+
+      - name: Tag and push op-batcher-tee image
+        run: |
+          docker tag "${{ env.ENCLAVE_APP_IMAGE }}" ${{ steps.meta.outputs.tags }}
+          docker push ${{ steps.meta.outputs.tags }}

espresso/docker/op-stack/Dockerfile

@@ -113,8 +113,6 @@ COPY --from=op-node-builder /app/op-node/bin/op-node /usr/local/bin/
 # Create config directory
 RUN mkdir -p /config
 
-# Include the config.
-COPY espresso/deployment/l2-config /config
 
 CMD ["op-node"]
 

espresso/scripts/batcher-enclave-image.sh

@@ -20,24 +20,13 @@ export ENCLAVE_APP_IMAGE="op-batcher-enclave:app"
 export ENCLAVE_TARGET_IMAGE="op-batcher-enclaver:tests"
 export MANIFEST_FILE="batcher-enclave.yaml"
 
-# Required for enclave operations
-if [[ ! -e /dev/nitro_enclaves ]]; then
-    echo "Error: /dev/nitro_enclaves device not found. Are you running on a Nitro-enabled instance?"
-    exit 1
-fi
-
-# Check if docker is running
-if ! docker info > /dev/null 2>&1; then
-    echo "Error: Docker is not running or not accessible"
-    exit 1
-fi
 
 echo "Using HOST_IP: $HOST_IP"
 echo "Ports -> L1:$L1_HTTP_PORT  L2:$OP_HTTP_PORT  Rollup:$ROLLUP_PORT  EspressoAPI:$ESPRESSO_SEQUENCER_API_PORT"
 
 # Step 1: Build the Docker image using your existing Dockerfile
 echo "Building Docker image..."
-docker build -t $ENCLAVE_APP_IMAGE \
+docker build -t "$ENCLAVE_APP_IMAGE" \
     -f ../ops/docker/op-stack-go/Dockerfile \
     --target op-batcher-enclave-target \
     --build-arg ENCLAVE_BATCHER_ARGS="--l1-eth-rpc=http://$HOST_IP:$L1_HTTP_PORT \
@@ -58,7 +47,7 @@ fi
 
 # Step 2: Create enclaver manifest
 echo "Creating enclaver manifest..."
-cat > $MANIFEST_FILE << EOL
+cat > "$MANIFEST_FILE" << EOL
 version: v1
 name: "op-batcher-enclave"
 target: "$ENCLAVE_TARGET_IMAGE"
@@ -77,18 +66,18 @@ egress:
 EOL
 
 echo "Manifest created:"
-cat $MANIFEST_FILE
+cat "$MANIFEST_FILE"
 
 # Step 3: Build the enclave
 echo "Building enclave..."
-sudo enclaver build --file $MANIFEST_FILE
+sudo enclaver build --file "$MANIFEST_FILE"
 
 if [ $? -ne 0 ]; then
     echo "Failed to build enclave"
     exit 1
 fi
 
-# Step 4: Run the enclave
+# Step 4: Run the enclave (commented out as in original)
 # echo "Running enclave..."
 # docker run --rm --privileged --net=host \
 #   --name batcher-enclaver-$RANDOM \